aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--matrix-server/certbot/Dockerfile1
-rw-r--r--matrix-server/certbot/scripts/concatenate-certificates.sh8
-rw-r--r--matrix-server/certbot/scripts/create-certificates.sh9
-rw-r--r--matrix-server/certbot/scripts/renew-certificates.sh5
-rw-r--r--matrix-server/certbot/scripts/update-haproxy-certificates.sh9
-rw-r--r--matrix-server/docker-compose.yml59
-rw-r--r--matrix-server/haproxy/haproxy.cfg44
7 files changed, 82 insertions, 53 deletions
diff --git a/matrix-server/certbot/Dockerfile b/matrix-server/certbot/Dockerfile
index dc6369b..cd1c6bd 100644
--- a/matrix-server/certbot/Dockerfile
+++ b/matrix-server/certbot/Dockerfile
@@ -1,4 +1,5 @@
FROM certbot/certbot:v1.11.0
RUN apk update && apk add socat
COPY ./scripts/ /etc/scripts/
+RUN chmod +x /etc/scripts/*.sh
EXPOSE 380
diff --git a/matrix-server/certbot/scripts/concatenate-certificates.sh b/matrix-server/certbot/scripts/concatenate-certificates.sh
index 5238a9b..242f5e5 100644
--- a/matrix-server/certbot/scripts/concatenate-certificates.sh
+++ b/matrix-server/certbot/scripts/concatenate-certificates.sh
@@ -1,5 +1,7 @@
-#!/bin/bash
+#!/bin/sh
-if [ -f /etc/letsencrypt/live/davole.com/fullchain.pem -a -f /etc/letsencrypt/live/davole.com/privkey.pem ]; then
- cat /etc/letsencrypt/live/davole.com/fullchain.pem /etc/letsencrypt/live/davole.com/privkey.pem > /etc/certificates/davole.com.pem
+echo "running concat certs..."
+if [ -f /etc/letsencrypt/live/terminaldweller.com/fullchain.pem -a -f /etc/letsencrypt/live/terminaldweller.com/privkey.pem ]; then
+ echo "when you're out, we're in...''"
+ cat /etc/letsencrypt/live/terminaldweller.com/fullchain.pem /etc/letsencrypt/live/terminaldweller.com/privkey.pem > /etc/certificates/terminaldweller.com.pem
fi
diff --git a/matrix-server/certbot/scripts/create-certificates.sh b/matrix-server/certbot/scripts/create-certificates.sh
index 5fb6345..1bc1094 100644
--- a/matrix-server/certbot/scripts/create-certificates.sh
+++ b/matrix-server/certbot/scripts/create-certificates.sh
@@ -1,9 +1,10 @@
-#!/bin/bash
+#!/bin/sh
+echo "running create certs..."
# Request certificates
certbot certonly --standalone \
- --non-interactive --agree-tos --email info@davole.com --http-01-port=380 \
- --cert-name davole.com \
- -d davole.com
+ --non-interactive --agree-tos --email thabogre@gmail.com --http-01-port=380 \
+ --cert-name terminaldweller.com \
+ -d terminaldweller.com
# Concatenate certificates
. /etc/scripts/concatenate-certificates.sh
# Update certificates in HAProxy
diff --git a/matrix-server/certbot/scripts/renew-certificates.sh b/matrix-server/certbot/scripts/renew-certificates.sh
index e46d412..ff56115 100644
--- a/matrix-server/certbot/scripts/renew-certificates.sh
+++ b/matrix-server/certbot/scripts/renew-certificates.sh
@@ -1,7 +1,8 @@
-#!/bin/bash
+#!/bin/sh
+echo "running renew certs..."
# Certificates exist
-if [ -d /etc/letsencrypt/live/davole.com ]; then
+if [ -d /etc/letsencrypt/live/terminaldweller.com ]; then
# Check certificates and renew them
certbot renew --http-01-port=380
diff --git a/matrix-server/certbot/scripts/update-haproxy-certificates.sh b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
index a1f9fc6..9eaae7c 100644
--- a/matrix-server/certbot/scripts/update-haproxy-certificates.sh
+++ b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
@@ -1,10 +1,11 @@
-#!/bin/bash
+#!/bin/sh
+echo "running update certs..."
# Start transaction
-echo -e "set ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem <<\n$(cat /etc/certificates/davole.com.pem)\n" | socat tcp-connect:haproxy:9999 -
+echo -e "set ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem <<\n$(cat /etc/certificates/terminaldweller.com.pem)\n" | socat tcp-connect:haproxy:9999 -
# Commit transaction
-echo "commit ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
+echo "commit ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem" | socat tcp-connect:haproxy:9999 -
# Show certification info (not essential)
-echo "show ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
+echo "show ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem" | socat tcp-connect:haproxy:9999 -
diff --git a/matrix-server/docker-compose.yml b/matrix-server/docker-compose.yml
index 42083c2..eb0f354 100644
--- a/matrix-server/docker-compose.yml
+++ b/matrix-server/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3.8"
+version: "3.4"
services:
postgres:
image: postgres:13-alpine
@@ -28,20 +28,26 @@ services:
- dbnet
volumes:
- synapse-data:/data/
- - cert-data:/etc/letsencrypt/live/
- - ./synapse/homeserver.yaml:/data/homeserver.yaml:ro
+ # - cert-data:/etc/letsencrypt/live/
+ # - ./synapse/homeserver.yaml:/data/homeserver.yaml
+ # - ./synapse/terminaldweller.com.signing.key:/data/terminaldweller.com.signing.key
+ # - ./synapse/terminaldweller.com.log.config:/data/terminaldweller.com.log.config
+ # entrypoint: ["tail", "-f", "/dev/null"]
+ # command: ["generate"]
depends_on:
- postgres
- haproxy
ports:
- "8008:8008"
- - "8484:8484/tcp"
- - "8443:443"
+ # - "8484:8484/tcp"
+ # - "443:443"
environment:
+ - SYNAPSE_SERVER_NAME=terminaldweller.com
+ - SYNAPSE_REPORT_STATS=yes
- SYNAPSE_DATA_DIR=/data/
- SYNAPSE_CONFIG_DIR=/data/
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
- - TZ=Tehran/Asia
+ # - TZ=Tehran/Asia
healthcheck:
test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
interval: 1m
@@ -50,42 +56,49 @@ services:
haproxy:
image: haproxy:lts-alpine
ports:
- - "9080:80"
+ - "80:80"
- "443:443"
- "9999:9999"
+ - "8448:8448/tcp"
networks:
- matrixnet
- turnnet
+ - certnet
volumes:
- ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
- - cert-data:/usr/local/etc/haproxy/certificates:ro
+ # - cert-data:/usr/local/etc/haproxy/certificates:ro
+ # - cert-data:/etc/certificates:ro
+ - certificates:/etc/certificates
depends_on:
- certbot
- restart: on-failure
+ # restart: on-failure
certbot:
image: certbot
build:
context: ./certbot
ports:
- - "80:80"
+ - "9080:80"
- "9443:443"
networks:
- certnet
volumes:
- - cert-data:/etc/certificates
+ # - cert-data:/etc/certificates
+ - certificates:/etc/certificates
+ - certbot-data:/etc/letsencrypt
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do . /etc/scripts/renew-certificates.sh ; sleep 12h & wait $${!}; done;'"
restart: always
- coturn:
- image: coturn/coturn:latest
- networks:
- - turnnet
- volumes:
- - ./coturn/turnserver.conf:/etc/turnserver.conf:ro
- ports:
- - "3478:3478"
- - "5349:5349"
- depends_on:
- - synapse
+ command: ["certonly"]
+ # coturn:
+ # image: coturn/coturn:latest
+ # networks:
+ # - turnnet
+ # volumes:
+ # - ./coturn/turnserver.conf:/etc/turnserver.conf:ro
+ # ports:
+ # - "3478:3478"
+ # - "5349:5349"
+ # depends_on:
+ # - synapse
networks:
matrixnet:
certnet:
@@ -95,6 +108,8 @@ volumes:
db-data:
synapse-data:
cert-data:
+ certificates:
+ certbot-data:
secrets:
pg_pass_secret:
file: ./postgres/pg_pass_secret
diff --git a/matrix-server/haproxy/haproxy.cfg b/matrix-server/haproxy/haproxy.cfg
index 2afa3fb..c619259 100644
--- a/matrix-server/haproxy/haproxy.cfg
+++ b/matrix-server/haproxy/haproxy.cfg
@@ -1,30 +1,38 @@
global
- stats socket :9999 level admin expose-fd listeners
- log stdout format raw local0
- ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+stats socket :9999 level admin expose-fd listeners
+log stdout format raw local0
+ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+
+defaults
+timeout connect 5000ms
+timeout client 50000ms
+timeout server 50000ms
+default-server init-addr last,libc,none
frontend http
- bind :80
- http-request redirect scheme https unless { ssl_fc }
- acl certbot path_beg /.well-known/acme-challenge/
- use_backend certbot if certbot
+bind *:80
+http-request redirect scheme https unless { ssl_fc }
+acl certbot path_beg /.well-known/acme-challenge/
+use_backend certbot if certbot
frontend https
- bind :::443 v4v6 ssl crt /etc/certificates strict-sni alpn h2.http/1.1
- acl matrix-host hdr(host) -i matrix.example.com
- acl matrix-path path_beg /_matrix
- acl matrix-path path_beg /_synpase/client
- use_backend matrix if matrix-host matrix-path
+#uncomment this to get ssl certificate for the first run
+bind *:443 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem strict-sni alpn h2,http/1.1
+acl matrix-host hdr(host) -i terminaldweller.com
+acl matrix-path path_beg /_matrix
+acl matrix-path path_beg /_synpase/client
+use_backend matrix if matrix-host matrix-path
frontend matrix-federation
- bind :::8448 v4v6 ssl crt /etc/certificates alpn h2.http/1.1
- default_backend matrix
+#uncomment this to get ssl certificate for the first run
+bind *:8448 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem alpn h2,http/1.1
+default_backend matrix
-resolvers docker_resolver
- nameserver dns 127.0.0.11:53
+resolvers docker
+nameserver dns1 127.0.0.11:53
backend matrix
- server matrix synapse:8008
+server matrix synapse:8008
backend certbot
- server certbot certbot:380
+server certbot certbot:380